Ubuntu
postfix package

  1. Bug #1001040
  2. Comment #0

Comment 0 for bug 1001040

Revision history for this message
Eric Lambart (ubuntu-nomeaning) wrote :

Everytime my email server (Ubuntu Server 12.04) receives an email sent from google.com (e.g. gmail) using TLS with the RC4-MD5 cipher, it fails. Here is the output of once such interaction.

I have set smtpd_tls_loglevel=2 in /etc/postfix/main.cf in hopes this will help. Note that I have replaced my actual hostname with 'myhostname'

May 17 15:43:02 myhostname postfix/smtpd[28328]: initializing the server-side TLS engine
May 17 15:43:02 myhostname postfix/smtpd[28328]: connect from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: setting up TLS connection from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:before/accept initialization
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client hello A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server hello A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write certificate A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write server done A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read client key exchange A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 read finished A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write change cipher spec A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 write finished A
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL_accept:SSLv3 flush data
May 17 15:43:03 myhostname postfix/smtpd[28328]: mail-yw0-f47.google.com[209.85.213.47]: save session DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp to smtpd cache
May 17 15:43:03 myhostname postfix/tlsmgr[28319]: put smtpd session id=DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17 780133B84CE85D295&s=smtp [data 127 bytes]
May 17 15:43:03 myhostname postfix/tlsmgr[28319]: write smtpd TLS cache entry DC174AEAF16104F9B5ACF53EFD8E242ED70DD37C4957B17780 133B84CE85D295&s=smtp: time=1337294583 [data 127 bytes]
May 17 15:43:03 myhostname postfix/smtpd[28328]: Anonymous TLS connection established from mail-yw0-f47.google.com[209.85.213.47]: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 17 15:43:03 myhostname postfix/smtpd[28328]: SSL3 alert read:fatal:bad record mac
May 17 15:43:03 myhostname postfix/smtpd[28328]: warning: TLS library problem: 28328:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:
May 17 15:43:03 myhostname postfix/smtpd[28328]: lost connection after EHLO from mail-yw0-f47.google.com[209.85.213.47]
May 17 15:43:03 myhostname postfix/smtpd[28328]: disconnect from mail-yw0-f47.google.com[209.85.213.47]

At least one other user is encountering this problem, as discussed here:

http://ubuntuforums.org/showthread.php?p=11945418#post11945418

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: postfix 2.9.1-4
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Thu May 17 16:02:33 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: postfix
UpgradeStatus: No upgrade log present (probably fresh install)